All Classes (Shibboleth IdP :: Plugins :: OpenID Connect Provider Implementation 3.2.1 API)

All Classes Class Summary Enum Summary
Class	Description
AbstractAdminApiProfileAction	Base class for admin flow actions producing JSON responses.
AbstractBuildErrorResponseFromEvent<T extends com.nimbusds.oauth2.sdk.ErrorResponse>	This action is extended by error response actions.
AbstractEncryptTokenAction	Action that encrypts a source object into an `EncryptedJWT`.
AbstractInitializeOutboundResponseMessageContext	Action that adds an outbound `MessageContext` and related OIDC contexts to the `ProfileRequestContext`.
AbstractOIDCAuthenticationRequestAction	Abstract class for actions performing actions on `AuthenticationRequest` found via `InOutOperationContext.getInboundMessageContext()` and `MessageContext.getMessage()`.
AbstractOIDCAuthenticationResponseAction	Abstract class for actions performing actions on `OIDCAuthenticationResponseContext` located under `InOutOperationContext.getOutboundMessageContext()`.
AbstractOIDCClientMetadataPopulationAction	Abstract action for populating metadata from the `ClientRegistrationRequest` message to the response message.
AbstractOIDCRequestAction<T>	Abstract class for actions performing actions on a oidc request found via `InOutOperationContext.getInboundMessageContext()` and `MessageContext.getMessage()`.
AbstractOIDCResponseAction	Abstract class for actions performing actions on `OIDCAuthenticationResponseContext` located under `InOutOperationContext.getOutboundMessageContext()`.
AbstractOIDCSigningResponseAction	Abstract action to be extended by oidc response actions requiring signing parameters.
AbstractOIDCTokenRequestAction	Abstract class for actions performing actions on `TokenRequest` found via `InOutOperationContext.getInboundMessageContext()` and `MessageContext.getMessage()`.
AbstractOIDCTokenResponseAction	Abstract class for actions performing actions on `OIDCAuthenticationResponseContext` located under `InOutOperationContext.getOutboundMessageContext()`.
AbstractOIDCUserInfoRequestAction	Abstract class for actions performing actions on `UserInfoRequest` found via `InOutOperationContext.getInboundMessageContext()` and `MessageContext.getMessage()`.
AbstractOIDCUserInfoResponseAction	Abstract class for actions performing actions on `OIDCMetadataContext` located under `InOutOperationContext.getInboundMessageContext()`.
AbstractOIDCUserInfoValidationResponseAction	Abstract class for actions performing actions on `OIDCAuthenticationResponseContext` located under `InOutOperationContext.getOutboundMessageContext()`.
AbstractProcessTokenAction<T>	Action that processes a token by validating it and populating the resulting `JWTClaimsSet` into an `OAuth2TokenMgmtResponseContext` placed beneath the outbound `MessageContext`.
AbstractSignJWTAction	Abstract action for signing JWT.
AddAccessTokenHashToIDToken	Action that adds access token hash claim to a `IDTokenClaimsSet`.
AddAcrToIDToken	Action that adds acr claim to a `IDTokenClaimsSet`.
AddApplicationTypeToClientMetadata	Adds the application_type to the `OIDCClientRegistrationResponseContext`.
AddAttributesToClaimsSet	Action that adds claims to a `ClaimsSet`.
AddAuthorizationCodeHashToIDToken	Action that adds authorization code hash claim to a `IDTokenClaimsSet`.
AddAuthTimeToIDToken	Action that adds auth_time claim to a `IDTokenClaimsSet`.
AddClientNameToClientMetadata	Adds client name from the input metadata to the output `OIDCClientMetadata`.
AddContactsToClientMetadata	Adds the contents of the contacts attribute from the input metadata to the output `OIDCClientMetadata`.
AddGrantTypeToClientMetadata	An action that adds the grant_type to the client metadata.
AddIDTokenShell	Action that creates a `IDTokenClaimsSet` object shell, and sets it to work context `OIDCAuthenticationResponseContext` located under `InOutOperationContext.getOutboundMessageContext()`.
AddJwksToClientMetadata	An action that adds the jwks or jwks_uri to the client metadata, if one of those were defined in the request.
AddLogoUrisToClientMetadata	This action adds the logo_uri(s) to the client metadata.
AddMetadataStatementToClientMetadata	An action that adds the trusted metadata_statement chain (containing OP's signed key) to the metadata_statement claim in the response metadata.
AddNonceToIDToken	Action that adds nonce claim to a `IDTokenClaimsSet`.
AddPolicyUrisToClientMetadata	This action adds the policy_uri(s) to the client metadata.
AddRedirectUrisToClientMetadata	Adds the (mandatory) redirect_uris to the output `OIDCClientMetadata`.
AddRemainingClaimsToClientMetadata	Adds the remaining claims from the input metadata to the output `OIDCClientMetadata`, which haven't been added there already, but which are recognized in the metadata policy.
AddRequestObjectSecurityConfigurationToClientMetadata	Verifies and adds the request object configuration details (request_object_signing_alg, request_object_encryption_alg and request_object_encryption_enc) to the client metadata.
AddResponseTypesToClientMetadata	An action that adds response_types to the OIDC client metadata.
AddScopeToClientMetadata	Adds the `Scope` from the input metadata to the output `OIDCClientMetadata`.
AddSecurityConfigurationToClientMetadata	Verifies and adds the security configuration details (_response_alg and _response_enc) to the client metadata.
AddSubjectTypeToClientMetadata	An action that adds the subject_type to the client metadata.
AddTokenDeliveryAttributesToClaimsSet	Action that adds claims to a `ClaimsSet`.
AddTokenEndpointAuthMethodsToClientMetadata	An action that adds the token_endpoint_auth_method to the client metadata.
AddTosUrisToClientMetadata	This action adds the tos_uri(s) to the client metadata.
AddUserInfoShell	Action that creates a `UserInfo` object shell, and sets it to work context `OIDCAuthenticationResponseContext` located under `InOutOperationContext.getOutboundMessageContext()`.
AlgorithmInfoMetadataValueResolver	A `MetadataValueResolver` for resolving signing/encryption algorithm information from the current `SecurityConfiguration`.
ArrayMetadataValueResolver	An implementation to `MetadataValueResolver` that contains an array of other `MetadataValueResolver`s.
AttributeConsentEnabledInTokenClaimsSetPredicate	A predicate implementation that checks if attribute consent flag is enabled.
AttributeFilterNamespaceHandler	Namespace handler for the oidc specific attribute filter engine functions.
AttributeInOIDCRequestedClaimsMatcher	Class for matching attribute to requested claims.
AttributeInOIDCRequestedClaimsRuleParser	Bean definition parser for `AttributeInOIDCRequestedClaimsMatcher`.
AttributeOIDCScopePolicyRule	Compare the scopes of oidc authentication request with the provided value.
AttributeOIDCScopeRuleParser	Bean definition parser for `AttributeOIDCScopePolicyRule`.
AttributeResolutionSubjectLookupFunction	A function that returns subject identifier from filtered claims.
AuthenticationContextReferenceAuditExtractor	Looks up the 'acr' value from the OIDC authentication response context.
AuthenticationRequestClaimsAuditExtractor	A function that resolves a claim value from the authentication request.
BaseOAuth2RequestDecoder<T extends com.nimbusds.oauth2.sdk.Request>	Base decoder for Nimbus OAuth2 request messages.
BasicJWKCredentialFactoryBean	factory bean for Basic JSON Web Keys (JWK).
BuildAccessToken	Action that creates an Access Token, and stores it to an `AccessTokenContext`.
BuildAuthenticationErrorResponseFromEvent	This action reads an event from the configured `EventContext` lookup strategy, constructs an OIDC authentication error response message and attaches it as the outbound message.
BuildClientInformation	An action that uses the information from `OIDCClientRegistrationResponseContext` attached to the message context for creating a new `ClientInformationResponse`.
BuildIntrospectionErrorResponseFromEvent	This action reads an event from the configured `EventContext` lookup strategy, constructs an OAuth2 Token Introspection error response message and attaches it as the outbound message.
BuildJSONErrorResponseFromEvent	This action reads an event from the configured `EventContext` lookup strategy, constructs a json error response message and attaches it as the outbound message.
BuildRegistrationErrorResponseFromEvent	This action reads an event from the configured `EventContext` lookup strategy, constructs an OIDC client registration error response message and attaches it as the outbound message.
BuildRevokeTokenErrorResponseFromEvent	This action reads an event from the configured `EventContext` lookup strategy, constructs an OAuth2 Token Revocation error response message and attaches it as the outbound message.
BuildTokenErrorResponseFromEvent	This action reads an event from the configured `EventContext` lookup strategy, constructs an OIDC token error response message and attaches it as the outbound message.
BuildUserInfoErrorResponseFromEvent	This action reads an event from the configured `EventContext` lookup strategy, constructs an OIDC user info error response message and attaches it as the outbound message.
CheckRedirectURIs	The action that verifies the redirect_uris from the request.
ClaimsAuditExtractor	`Function` that returns the released claims for the endpoint.
ClientIDFromOIDCMetadataContextLookupFunction	Deprecated, for removal: This API element is subject to removal in a future version. As of 3.1.0, moved to `net.shibboleth.oidc.profile.logic.ClientIDFromOIDCMetadataContextLookupFunction`
ClientIdRegistrationAuditExtractor	Looks up the client ID value from the OIDC client registration response context.
ClientInformationCriterion	Client information criterion to make decisions based on client information.
ClientManagementArguments	Command line processing for OIDC client mgmt flow.
CredentialMetadataValueResolver	An implementation of `MetadataValueResolver` that converts public parts of the attached `Credential` to the value.
DecryptRequestObject	Action decrypts request object if it is encrypted.
DefaultChainRevocationLifetimeLookupStrategy	Default lookup function for fetching the chain revocation lifetime.
DefaultMetadataPolicyCriteriaLookupFunction	A function returning a `CriteriaSet` which contains the metadata policy document location as `ResourceLocationCriterion`.
DefaultMetadataPolicyMergingStrategy	A function that merges two maps of metadata policies according to the rules specified in the OIDC federation spec (draft 17), section 5.1.3.1:
DefaultRootTokenIdentifierLookupStrategy	Default lookup function for fetching the root token identifier from the given claims set.
DefaultSubjectTypeStrategy	Function to decide on subject type.
DefaultTokenRevocationLifetimeLookupStrategy	Default lookup function for fetching the token revocation lifetime from the given claims set.
DoClientManagementOperation	Action that implements a JSON REST API for querying and deleting OIDC client information.
DynamicFilesystemProviderMetadataResolver	An extension to `FilesystemProviderMetadataResolver` that enables some of the claims to be dynamically updated outside the file.
EncryptAccessToken	Action that handles JWT access token encryption.
EncryptProcessedToken	Action that serves both id token and user info response encryption.
ExtractClientAuthenticationFromRequest	Extracts OAuth 2 client authentication details from a request and stores them in an `OAuth2ClientAuthenticationContext` beneath the `AuthenticationContext` for subsequent validation.
FilesystemMetadataValueResolver	An implementation to `RefreshableMetadataValueResolver` that fetches the information from a file.
FilesystemProviderMetadataResolver	Based on `FilesystemMetadataResolver`.
ForceAuthnAuditExtractor	`Function` that returns true is prompt contains login in `AuthenticationRequest`.
FormOutboundAuthenticationResponseMessage	Action that forms outbound message based on request and response context.
FormOutboundDiscoveryResponse	This action builds a response for the OP configuration discovery request.
FormOutboundIntrospectionResponseMessage	Action that forms outbound token introspection success message.
FormOutboundKeySetResponseMessage	Action that forms outbound message containing keyset.
FormOutboundRevokeTokenResponseMessage	Action that forms outbound token revocation success message.
FormOutboundTokenResponseMessage	Action that forms outbound message based on token request and response context.
FormOutboundUserInfoResponseMessage	Action that forms outbound message based on response context.
GenerateClientID	Creates the client ID for the registration.
GenerateClientSecret	Creates a new client secret with the `IdentifierGenerationStrategy` attached to this action.
IdTokenClaimsAuditExtractor	A function that resolves a claim value from the id_token claims set.
InboundMessageClassLookupFunction	Looks up the value of the simple class name from the inbound message context's message object.
InitializeAuthenticationContext	An action that creates an `AuthenticationContext` and attaches it to the current `ProfileRequestContext`.
InitializeOutboundAuthenticationResponseMessageContext	Action that adds an outbound `MessageContext` and related OIDC contexts to the `ProfileRequestContext` based on the identity of a relying party accessed via a lookup strategy, by default an immediate child of the profile request context.
InitializeOutboundRegistrationResponseMessageContext	Action that adds an outbound `MessageContext` and related OIDC context to the `ProfileRequestContext`.
InitializeOutboundResponseMessageContext	Action that adds an outbound `MessageContext` typed to generic `Response` to `ProfileRequestContext`.
InitializeOutboundTokenMgmtResponseMessageContext	Action that adds an outbound `MessageContext` and related contexts to the `ProfileRequestContext`.
InitializeOutboundTokenResponseMessageContext	Action that adds an outbound `MessageContext` and related OIDC contexts to the `ProfileRequestContext` not knowing the relying party yet.
InitializeOutboundUserInfoResponseMessageContext	Action that adds an outbound `MessageContext` and related OIDC contexts to the `ProfileRequestContext` not knowing the relying party yet.
InitializeRegistrationMetadataPolicyContext	Initializes the `OIDCClientRegistrationMetadataPolicyContext` and attaches it as a subcontext for the incoming `MessageContext`.
InitializeRelyingPartyContext	Action that adds a `RelyingPartyContext` to the current `ProfileRequestContext` tree via a creation function.
InitializeSubjectContext	An action that creates an `SubjectContext` and attaches it to the current `ProfileRequestContext`.
InitializeUnverifiedRelyingPartyContext	Action that adds a `RelyingPartyContext` to the current `ProfileRequestContext` tree via a creation function.
IsPassiveAuditExtractor	`Function` that returns true is prompt contains 'none' in `AuthenticationRequest`.
IssueIDTokenCondition	Activation condition returning true if validated scope contains 'openid' scope.
IssuerCriterion	A `Criterion` representing an OIDC (provider) issuer.
IssueRegistrationAccessToken	Action that issues access token to be used for the OIDC dynamic registration endpoint.
IssueRegistrationAccessTokenArguments	Command line processing for issue-registration-access-token flow.
JWTCredentialValidator	A validator that handles authentication via signed JWT.
ManipulateClaimsForIDToken	An action that can be used for manipulating id_token claims via configurable strategy (bi-function).
NimbusResponseEncoder	A message encodes that encodes the Nimbus `Response` in the message context inside the attached `HttpServletResponse`.
OAuth2IntrospectionRequestDecoder	Message decoder decoding OpenID Connect `TokenIntrospectionRequest`s.
OAuth2RevocationErrorResponse	OAuth2 Token Revocation Error message class.
OAuth2RevocationRequestDecoder	Message decoder decoding OpenID Connect `TokenRevocationRequest`s.
OAuth2RevocationSuccessResponse	OAuth2 Token Revocation Success message class.
OIDCAuthenticationRequestDecoder	Message decoder decoding OpenID Connect `AuthenticationRequest`s.
OIDCClientInfoCredentialValidator	A password validator that authenticates against OIDC client metadata (which may itself be emulated via SAML metadata).
OIDCClientInformationEncryptionParametersResolver	A specialization of `BasicEncryptionParametersResolver` which resolves both encryption and decryption credentials and algorithm preferences using client registration data of OIDC client.
OIDCClientInformationEncryptionParametersResolver.ParameterType	Whether to create parameters for request object decryption, id token encryption or userinfo response encryption.
OIDCClientInformationSignatureSigningParametersResolver	A specialization of `BasicSignatureSigningParametersResolver` which supports selecting signing credentials based on client registration data and instantiating HS credentials when needed.
OIDCClientInformationSignatureSigningParametersResolver.ParameterType	Whether to create parameters for id token signing or userinfo response signing.
OIDCClientInformationSignatureValidationParametersResolver	A specialization of `BasicSignatureSigningParametersResolver` which supports selecting signature validation credentials based on client registration data.
OIDCClientInformationSignatureValidationParametersResolver.ParameterType	Whether to create parameters for request object signature validation or token endpoint JWT validation.
OIDCClientRegistrationRequestDecoder	Message decoder decoding OpenID Connect `ClientRegistrationRequest`s.
OIDCMetadataLookupHandler	Handler for inbound OIDC protocol messages that attempts to locate OIDC metadata for a rp, and attaches it with a `OIDCMetadataContext` as a child of a pre-existing instance of `MessageContext`.
OIDCOPModule	`IdPModule` implementation.
OIDCOPPlugin	Details about the OIDC OP plugin.
OIDCResponseEncoderFactory	A source of encoders that first verifies a message being an instance of Nimbus `Response` and then returns the attached `MessageEncoder`.
OIDCTokenRequestDecoder	Message decoder decoding OpenID Connect `TokenRequest`s.
OIDCUserInfoRequestDecoder	Message decoder decoding OpenID Connect `UserInfoRequest`s.
OutboundMessageClassLookupFunction	Looks up the value of the simple class name from the outbound message context's message object.
PairwiseSubjectActivationCondition	Activation condition returning true if pairwise subject is requested.
ParseAccessToken	Action that parses an access token and initially populates the claims for later validation.
PopulateOIDCEncryptionParameters	Action that resolves and populates `EncryptionParameters` on an `EncryptionContext` created/accessed via a lookup function, by default on a `RelyingPartyContext` child of the profile request context.
PopulateOIDCMetadataContext	A message handler that attempts to locate OIDC client information from the SAML entity descriptor containing role descriptor of type `SPSSODescriptor`.
PopulateOIDCSignatureSigningParameters	Action that resolves and populates `SignatureSigningParameters` on a `SecurityParametersContext` created/accessed via a lookup function, by default on the outbound message context.
PopulateOIDCSignatureSigningParametersHandler	Handler that resolves and populates `SignatureSigningParameters` on a `SecurityParametersContext` created/accessed via a lookup function, by default as an immediate child context of the target `MessageContext`.
ProcessRequestedAuthnContext	An action that creates an `RequestedPrincipalContext` or `PreferredPrincipalContext` and attaches it to the current `AuthenticationContext`.
ProcessTokenForIntrospection	Action that processes a token for introspection.
ProcessTokenForRevocation	Action that processes a token for revocation.
ProviderMetadataResolverServiceStrategy	Strategy for summoning up a `ProviderMetadataResolver` from a populated `ApplicationContext`.
PublicSubjectActivationCondition	Activation condition returning true if public subject is requested.
RegisterFilterServletContextInitializer	A `ServletContainerInitializer` implementation that registers dynamic response header filter for enabling configurable headers.
RequestUtil	Request logging helper class.
ResponseUtil	Response logging helper class.
RevokeConsent	Action that revokes consent if offline_access scope or prompt with consent is requested.
RevokedTokenAuditExtractor	`Function` that returns token to be revoked by `TokenRevocationRequest`.
RevokeToken	Action that revokes a single token or the full chain of tokens, depending on the result of the configured lookup strategy for the revocation method.
RootTokenIdRevocationValidator	Verifies the root identifier (`TokenClaimsSet.KEY_ROOT_JTI` from the JWT against revocation via configurable `RevocationCache`.
SetAccessTokenToResponseContext	Action that creates a Access Token, and sets it to work context `OIDCAuthenticationResponseContext.getAccessToken()` located under `InOutOperationContext.getOutboundMessageContext()`.
SetAuthenticationContextClassReferenceFromAuthzCodeToResponseContext	Action that sets authentication context class reference to work context `OIDCAuthenticationResponseContext` located under `InOutOperationContext.getOutboundMessageContext()`.
SetAuthenticationContextClassReferenceToResponseContext	Action that sets authentication context class reference to work context `OIDCAuthenticationResponseContext` located under `InOutOperationContext.getOutboundMessageContext()`.
SetAuthenticationTimeToResponseContext	Action that sets authentication instant to work context `OIDCAuthenticationResponseContext` located under `InOutOperationContext.getOutboundMessageContext()`.
SetAuthorizationCodeToResponseContext	Action that creates a Authorization Code, and sets it to work context `OIDCAuthenticationResponseContext.getAuthorizationCode()` located under `InOutOperationContext.getOutboundMessageContext()`.
SetConsentFromTokenToResponseContext	Action that locates consent from authorization code / access token.
SetConsentToResponseContext	Action that checks for adds the currently existing attributes from `AttributeContext` for token delivery.
SetEntityIdToSAMLPeerEntityContext	`MessageHandler` that sets the entityID to the given `SAMLPeerEntityContext` class.
SetRefreshTokenToResponseContext	Action that creates a Refresh Token, and sets it to work context `OIDCAuthenticationResponseContext.getRefreshToken()` located under `InOutOperationContext.getOutboundMessageContext()`.
SetRequestedClaimsToResponseContext	Action that sets requested claims to response context.
SetRequestedSubjectToResponseContext	Action that sets requested sub value to response context.
SetRequestObjectToResponseContext	Action that stored request object to `OIDCAuthenticationResponseContext`.
SetResponseStatusCodeFromEvent	This action reads an event from the configured `EventContext` lookup strategy and sets the status code for `HttpServletResponse` according to the attached configuration.
SetSectorIdentifierForAttributeResolution	An action that sets `AttributeResolutionContext.setAttributeRecipientGroupID(java.lang.String)` to sector identifier if pairwise subject is requested.
SetSubjectToResponseContext	Action that locates subject using strategy.
SetTokenDeliveryAttributesFromTokenToResponseContext	Action that locates any token delivery claims from authorization code / access token.
SetTokenDeliveryAttributesToResponseContext	Action that checks for any released attributes marked for token delivery.
SignAccessToken	Action that signs `AccessTokenContext.getJWT()` and overwrites it with the signed version.
SignIDToken	Action that signs `IDTokenClaimsSet` and sets it to `OIDCAuthenticationResponseContext.getProcessedToken()`.
SignUserInfoResponse	Action that signs `UserInfo` and sets it to `OIDCAuthenticationResponseContext.getProcessedToken()`.
StoreClientInformation	An action that stores the `ClientInformation` from the `OIDCClientRegistrationResponseContext` to the associated `ClientInformationManager`.
SubjectActivationCondition	Activation condition returning true if subject cannot be located from oidc response context.
SubjectTypeAuditExtractor	`Function` that returns the type of the subject from `OIDCAuthenticationResponseContext`.
SubjectValueAuditExtractor	`Function` that returns the value of the subject from `OIDCAuthenticationResponseContext`.
ValidateAccessToken	Action that validates the claims pulled from an access token as usable for access to the OP's UserInfo endpoint.
ValidateAudience	Action that validates requested resource/audience values against a computed set of "allowed" values and populates the resulting set into the `OIDCAuthenticationResponseContext` and a `ProxiedRequesterContext`.
ValidateClientAuthenticationType	Validates the client authentication type with the token_endpoint_auth_method stored in the client's metadata and the profile configuration.
ValidateCodeChallenge	Validates the presence of PKCE code challenge parameter from the incoming authentication request.
ValidateGrant	Action that validates an authorization grant.
ValidateGrantType	An action that validates the grant type is registered to the requesting RP.
ValidatePKCE	Action performs PKCE (https://oauth.net/2/pkce/) validation.
ValidateRedirectURI	Action that validates redirect uri is expected.
ValidateRegistrationAccessToken	Action that validates registration access token is a valid one.
ValidateRegistrationRequestMetadata	Validates the incoming dynamic client registration request against the metadata policy stored in the `OIDCClientRegistrationMetadataPolicyContext`.
ValidateRequestObject	Action validates request object in response context.
ValidateResponseType	An action that validates the requested response_type is registered to the requesting RP.
ValidateScope	Action that validates requested and previously granted scopes are also registered in client metadata and stores the resulting set in the response context.
VerifyRequestedSubjectIdentifier	Action verifies that produced subject equals to requested subject if such exists.